Skill v1.0.0
ClawScan security
Capacity Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 11:46 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions generally match a capacity-planning purpose, but the skill's runtime steps reference cloud endpoints and credentials (Prometheus URL, AWS CloudWatch/CLI, Datadog) while the metadata declares no required environment variables or credentials and there is no source/homepage; this mismatch is concerning.
- Guidance: This skill's instructions need access to monitoring endpoints and possibly cloud credentials, but the package metadata doesn't declare those requirements and the source/homepage is missing. Before installing:
  1. Ask the maintainer to document required env vars (PROMETHEUS_URL, any Datadog keys, and explicit AWS credential needs) and provide a source repo or homepage for review.
  2. Only grant minimal read-only IAM permissions (CloudWatch read-only metrics, restricted to necessary namespaces/regions) and avoid long-lived root/owner keys.
  3. Ensure PROMETHEUS_URL points to an internal, private endpoint and confirm whether TLS/auth is required.
  4. Run the skill in a restricted/staging environment first so it cannot access sensitive production files or broad account scopes.
  5. Consider disabling autonomous invocation or restricting when the skill can run until you verify it.
  If you cannot verify the source or cannot limit credentials, treat this as higher risk and avoid installing.
Review Dimensions
- Purpose & Capability (note): The name and description match the SKILL.md content: collecting metrics (Prometheus/CloudWatch/Datadog), fitting growth models, producing forecasts and cost models. Those actions legitimately require access to monitoring endpoints and possibly cloud billing/metric APIs. However, the skill's metadata declares no required env vars or primary credential even though the instructions explicitly reference $PROMETHEUS_URL and show using the AWS CLI and third-party monitoring services. The missing declaration of these inputs and the lack of provenance (no homepage/source) are unexplained.
- Instruction Scope (concern): SKILL.md tells the agent to run local system commands (df, free) and to call external monitoring APIs (curl $PROMETHEUS_URL, aws cloudwatch, Datadog/CloudWatch fallback). The instructions reference environment variables and credentials that are not declared (PROMETHEUS_URL, AWS credentials, Datadog keys). These steps can access local system state (disk, memory) and cloud account metrics; combined with autonomous invocation, this increases the risk of unintended data access or disclosure. The doc does not limit where PROMETHEUS_URL should point (internal vs public) or constrain the required IAM scopes.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. That reduces supply-chain risk because nothing is downloaded or written by the install process.
- Credentials (concern): Metadata lists no required environment variables or credentials, but the instructions plainly require at least PROMETHEUS_URL and access to cloud monitoring APIs (AWS CLI calls, which will use AWS credentials from the environment or ~/.aws). The skill also mentions Datadog and CloudWatch as alternatives. The absence of declared env requirements is disproportionate and opaque; providing broad credentials without clear, declared needs increases risk.
- Persistence & Privilege (ok): The skill is not marked always:true and is user-invocable only. It does not request permanent presence or changes to other skills. Note: the skill allows autonomous model invocation (platform default); when combined with the credential-access concerns above this increases the blast radius, but autonomous invocation on its own is not flagged.
